Facebook exposes contact information for 6,000,000 people

In what is becoming a standard shameful practice of Silicon Valley, Facebook announced late on Friday as most people are thinking about the weekend, that the company had “shared” (irony alert) 6 million Facebook users email addresses or telephone numbers.

The glitch happened as a result of coding bug in the friend recommendation engine, which uses contact information to try to guess who you might know but haven’t added to your Facebook network. If someone went to download their personal information — the Download Your Information (DYI) tool — Facebook might have given them additional email addresses or telephone numbers for their contacts or people with whom they have some connection.

While alarming, it’s worth repeating that the shared information would have been with someone you were already connected with — so that person likely had your contact information anyway.

Facebook says that each impacted email address or telephone number was only downloaded by someone else once or twice and that it has no evidence that anyone has exploited this bug maliciously. Additionally, it not received any complaints from users yet — though that may now change.

“Additionally, no other types of personal or financial information were included and only people on Facebook — not developers or advertisers — have access to the DYI tool,” read a post from the Facebook security team.

The glitch is another in a long chain of reminders that if you trust your personal information to computers and companies you have no control over, mistakes of all magnitudes can happen.

The bug was reported through the company’s White Hat Program, which allows collaboration with 3rd party security researchers to help find glitches.